SentinelOne

SentinelOne is a provider of a complete Endpoint Detection and Response (EDR) solution that responds to today's endpoint threats, including ransomware and 0-day attacks. The solution developed by SentinelOne protects employees' computers, servers, virtual machines and containers in the cloud. It covers all stages of risk prevention and incident response — threat identification and protection, incident detection and response, and system recovery in the event of a security breach — thus meeting the expectations of SOC and CSIRT / CERT units.

SentinelOne EDR capabilities include:

  • signature-free malware detection, including ML / behavioral analysis,
  • firewall controlling access to / from the network,
  • application inventory and vulnerability management,
  • control of USB and Bluetooth devices,
  • incident response, including network quarantine,
  • system cleanup after the incident,
  • system recovery after the incident,
  • visualization of malware operation, e.g. process operation map, network connection map,
  • post-incident analysis, including remote execution of PowerShell scripts,
  • threat hunting, IoC searching on all systems,
  • protection of virtual machines in the cloud, cloud workloads and containers (including Kubernetes),
  • detection and control of IoT devices.

Description of technology

Endpoint security

SentinelOne Endpoint Detection and Response (EDR) - combines risk prevention, incident detection and incident response in one purpose-built agent based on machine learning and automation. SentinelOne provides endpoint protection against all relevant attack vectors, as well as incident detection and handling through fully automated, policy-based response functions and full visibility of the endpoint environment with context and real-time post-incident analysis.

Helpful files